git.ipfire.org Git - thirdparty/krb5.git/commit

author	Greg Hudson <ghudson@mit.edu>
	Mon, 14 Dec 2020 18:16:17 +0000 (13:16 -0500)
committer	Greg Hudson <ghudson@mit.edu>
	Fri, 18 Dec 2020 17:41:30 +0000 (12:41 -0500)
commit	0d56740ab9fcc40dc7f46c6fbebdf8f1214f9d96
tree	01a7578270fdde645e854cb2ea7f6ee090f2b986	tree
parent	0fdc59ef5e538fdf0fd65fa190483e84289f66c1	commit \| diff

Add support for start_realm cache config

When making TGS requests, if start_realm is set in the cache, use the
named realm to look up the initial TGT for referral or cross-realm
requests. (Also correct a comment in struct _tkt_creds_context: the
ccache field is an owner pointer, not an alias.)

Add an internal API k5_cc_store_primary_cred(), which sets start_realm
if the cred being stored is a TGT for a realm other than the client
realm. Use this API when acquiring initial tickets with a
caller-specified output ccache, when renewing or validating tickets
with kinit, when accepting a delegated credential in a GSS context,
and when storing a single cred with kvno --out-cache.

ticket: 8332
tags: pullup
target_version: 1.19

doc/formats/ccache_file_format.rst		diff \| blob \| blame \| history
src/clients/kinit/kinit.c		diff \| blob \| blame \| history
src/clients/kvno/kvno.c		diff \| blob \| blame \| history
src/include/k5-int.h		diff \| blob \| blame \| history
src/lib/gssapi/krb5/accept_sec_context.c		diff \| blob \| blame \| history
src/lib/krb5/ccache/ccfns.c		diff \| blob \| blame \| history
src/lib/krb5/krb/get_creds.c		diff \| blob \| blame \| history
src/lib/krb5/krb/get_in_tkt.c		diff \| blob \| blame \| history
src/lib/krb5/libkrb5.exports		diff \| blob \| blame \| history
src/lib/krb5_32.def		diff \| blob \| blame \| history
src/tests/t_crossrealm.py		diff \| blob \| blame \| history
src/tests/t_pkinit.py		diff \| blob \| blame \| history